What to do if you get a "public key not available" (NO_PUBKEY) error message when upgrading the repository on your older Debian system

botond published March 2021, 11, Thu - 04:15 time

Content

 

Introductory

When we do not use the latest version of a Linux distribution, weirdness can occur. For example, the Debian 9 (Stretch) virtual machine used to prepare a later description trunk but fortunately the bug was very easy to fix.

 

 

The symptom

When updating the Debian 9 (Stretch) backports repository, you get an error message:

sudo apt-get update

Cache upgrade error on Debian 9 (Stretch)

It writes "The following signatures cannot be verified because the public key is not available: NO_PUBKEY xxxxxxx".

This can happen if our system has been updated for a very, long time, so many packages are obsolete. That's how I went with my Debian 9 virtual machine, which I haven't used in about a year, when I picked it up to date for a later description - as much as possible to keep a Debian 9 up to date.

Fortunately, this inconvenience can be eliminated very easily.

 

The solution

After checking, most sites recommend setting up a key server and installing the latest GPG keys, but it is even easier to fix the problem if it is not a third-party repository, but a Debian backports repository, for example.

For Debian 9, when at that time the distribution was moved to the oldstable state and was replaced by Debian 10 (Buster) as a stable version, the Debian 9 repository was moved to the archive repository after a while, which only debian-archive-keyring was available because the corresponding GPG keys are included in this package. So this package with GPG keys is probably on our machine, but it is also obsolete, so we need to reinstall it on apt-get command:

sudo apt-get --reinstall install debian-archive-keyring

Reinstalling the debian-archive-keyring package on Debian 9

Az APT package manager it will then reinstall the debian-archive-keyring package from the Debian repository, which already contains the latest GPG keys, as well as remove obsolete configuration files, keys, and so on.

Then, if we re-issue the apt-get update command, it will load and display everything for the first time:

apt-get update works

then after that if we run it again, it will work as usual:

apt-get update works as usual

You can then upgrade your packages as usual:

sudo apt-get upgrade

 

 

The solution for third-party packages

The above solution only works if you use Debian's own repositories, but if you use third-party repositories, you will need to download their own GPG keys. Let's see an example.

Google Chrome

For example, if the cache key of our Google Chrome browser has become invalid, it will throw the following error (NO_PUBKEY) for a Debian 9 here as well:

apt-get update error

Then run the following wget command As root:

wget -qO - https://dl.google.com/linux/linux_signing_key.pub | sudo apt-key add -

And the Google public key will be installed:

Google public key installed

The "-" character on the command line is wget -O (output) option functions as a parameter, so that the content downloaded by the wget command is not saved to a specified file in this case, but is written to standard output so that it can then be passed to other commands via pipeline.

After that, the update of our packages is working properly:

Upgrading trunks is OK

Opera

In the case of Opera, for example, the key can be downloaded with the following command:

wget -qO - https://deb.opera.com/archive.key | sudo apt-key add -

 

However, sometimes the wget commands above may not be able to properly download the keys from the Chrome or other software repositories. In this case, the error persists even when the next package store is updated. If this happens, you should download the key directly from the Ubuntu key server with the following command:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <azonosító>

Where it is substitute the hexadecimal identifier after "NO_PUBKEY" found in our own error output.

 

 

Conclusion

Distributions and their versions come and go, the old ones are replaced by new ones, so sometimes it may be necessary to use separate solutions when using older systems, so that they can continue to function properly.

 

Related Content, Useful Links: